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CLATMS 

I - (previously presented) A method for crcatitig a proof ofpossession 
cojUuTDatiou for inclusion by a ccrtificalion aulhorily into a digital certillcale, the digital 
ccrlinc^^tc for Uiic by an end user, the melhod comprising: 

receiving, from iho certification authority in response to a certillcale 
rc^\ucsi by the end user, a plurah'ly of data fields corresponding to a target host system, llie 
idcnlily of iho end user, and a proof of identity possession by the end user; 

analyzing the content of said plurality of data Fields; 

verifying tlic accuracy of said plurality of data fields; and 

if said plurality of dala fields is veriticd as accurate, sending a signed 
object to the certification authority, said signed object comprising the proofoFposscssion 
coiifinnah^on, wherein said proof of possession con.fimiatiort is constaictcd in a manner 
50 i\<y to prevent replay attacks by an impostor. 

2. (original) 'f he method of claim I , wherein said plurality of data fields 
fiulhcr comprises; 

a host name; 

a subject identification; 

a subject public key information; and 

a scaled proof of possession. 

3. (original) The method of claim 2, wherein analyzing the content of said 
plurality of data Holds fiirthcr comprises: 

dcciypting a proof of possession structure from said sealed proof of 

possession; 

exlracting a password from said scaled proof of possession sirticturc; 
extracting a key identifier from said proof of possession stmcturc; and 
calculatijig a correct key ideniifier from said subject public key 

information* 
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4. (origuial) The mclhod of claim 3, wherein Ihc accuracy of sciid pluralily of 
d:ila fields is verified if: 

^aid ho$l name is matched with <m identity of said target host system; 
said extracted password is validated as a valid password for tlie end user, 

and 

siud extiticlcd key ideiUifier i$ matched with said correct key identifier 
calculated from said subject public key inrorniation. 

5. (original) Thomclliod ofcloint 3, wliercin said extracted password and said 
extracted key identifier are initially S3^nmctrically encrypted. 

6. (original) The mclliod of claim 3, wherein said extracted password and 
$aid c.ximcted key identifier are initially asymmetrically encryi:)led. 

7. (original) The method of claim 1, wherein: 

said plurality of data fields includes a password; and 
said signed object docs not include said password. 

8. (previously presented) A storage mcdiuni encoded with a machine readable 
computer program Code for creating a proof ofpossession confinnation for inclusion by a 
certification authority into a digital certificate, the digital certificate for use by an end 
user, the storage medium including instructions for causing a computer to implement a 
melhod, Ihomelhod comprising: 

receiving, from the certification authority in response to a certificate 
request V)y the end user, a plurality of data fields corresponding to a tjjrget host system, the 
identity of the end user, and a proof of identity possession by the end user; 

analyzing the content ofsaid plurality of data fields; 

verifying the accuracy of s?iid pluralily of data fields; and 
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irs;;iid pluvalily ofdalM fields is vcriHed as accurate, sending a signed 
object to the ccrlillcfition authority, said signed object comprising the prooforposscssion 
conflimiUion, wherein said proofof possession confirnnation is constnictcd in a manner 
so as lo prevent replay attacks by an impostor, 

9. (original) The storage mcdiuiji orclaim 8, wherein said plurality of data 
fiekis furlher comprises: 

a host name; 

a subject identification; 

a subject public key inronnation; and 

a sealed proofof possession. 

1 0. (original) The storage medium of claim 9, whcrciii analyzing Ibo content 
of said plurality of data fields failUcr comprises: 

dcciyi^ling a proof of possession stmcture froni said sealed proof of 

pos^vesston; 

extracting a password from said scaled proof of possession structure; 
extracting a key idcntiller from said proof of possession structure; and 
calculating a corrcci key identifier from said subject public key 

jnfonnatiou. 

1 1 . (original) '1 he storage medium of claim 1 0, wherein the accuracy ofsaid 
plurality of data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for llic end user; 

and 

said exlracled key identifier is matched with said correct key identifier 
calculalcd Irom said subject public key information. 
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1 2. (original) Tlic slontj^c nicdium of claim 10, wherein said extracted 
piissword and said extracted Icyy itlenlifier arc initially symmetrically cneryi^tcd, 

13. (original) Tlic storiige medium of claim 1 0, wherein said extracted 
p^issword and said extracted key identifier arc initially asymmetrically encryi^ted, 

14. (original) The storage medium of claim 8, wherein: 

said plurality ofdata fields includes a password; ami 
said signed object docs not include said password. 

1 5. (previously presented) A computer data signal, embodied in a carrier wave 
for creating a proofoFpossession confirmation for inclusion by a certification authority 
into a digital certificate, the digital ccilificatc for use by an end user, the computer data 
.•^igrtal comprising code configured to cause a processor to implement a method, the 
method comprising: 

receiving, from the certification authority in response to a certificate 
request by tlic end user, a plurality ofdata fields corresponding to a target host system, the 
idtNilily of the end uscr^ and aproof of identity possessioji by the end user; 

analyzing the content of said plurality of data fields; 

verifying Qie accuracy of said plurality of data fields; and 

if said plurality ofdata fields is verified as accurate, sending a signed 
olijccl to the certification authority, said signed object comprising the proof of possession 
conlunintion, wlicrciu said proof of possession cojifimiation is constnicted in a niam^cr 
so as lo prcvcnl replay atlacks by an impostor, 

16. (original) The computer data signal of claim 15, wherein said plurality of 
data fields further comprises: 

n host name; 

a subject identification; 
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a subject public key information; and 
a scaled proof orpo$.scssion. 

17. (origiiKil) The computer data signal of claim 16, whereiti analyzing the 
conlCMt of&i^id plurality of data fields fnilhcr comprises: 

decrypting a proofof possc$<iion structure from said scaled proof of 

possession; 

extracting a password from said sealed proof of possession siriicliirc; 
extracling a Icey identifier from said proof of possession slniclnrc; and 
calculating y coirccl key identifier fi-om said subject public key 

infonuntion. 

1 8. (original) Tlic coniputcr <la(a signed of claim 17, wherein the accuracy of 
snid plurality of data fields is verified if: 

said host name is matched with ?ia identity of said target liost system; 
said extracted password is validated as a valid password for the end user; 

and 

said extracted key identifier is matched with said correct key ideiUifier 
cidculatcd from said subject public key information. 

1 0. (orieinal) The computer data signal of claim 17, wherein said extracted 
password and said extracted key idcnlincr are initially symmetrically cncry}>tcd. 

20. (original) The computer data signal of claim 1 7, wherein said cxtraclcd 
password and said extracted key idc])tificr are initially asymmetrically encryiHcd, 

21 . (original) The computer data signal of claim 15j wherein: 

said pkiralily of data fields inchidcs a password; and 
said signed object docs not include said password, 
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22, (previously pi cscnlotl) 'Che mclhod of claim 2, wherein said scaled proof of 
posscsyion is vcri fiablc for compatibility with at least one other of said plurality of data 
fields of Sinid certificate request. 

23, (previously presented) The storage Jiicdium of claim 9, wherein said sealed 
]>roorof po.sscssion is verifiable for compatibility with at least one other of said plurality 
of data fields of said cerlificatc request, 

24, (previously presented) The computer data signal of claim 16, wherein siiid 
SL-aled proof of possession is verifiable for compatibility with at least one other of said 
phtrtility of diUa fields of said ccctificate request. 
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